Solved

Tracking a user

Posted on 2001-06-27
10
559 Views
Last Modified: 2010-04-21
Is there a way in unix to track what a user is doing while logged in? Is there an account monitoriing option to flip on for a user's account, or is there a unix application that can monitor online activity (as in tracking what commands a user is executing)?
0
Comment
Question by:dgiessen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:Nisus091197
ID: 6233278
You can keep an eye on their shell history file, e.g. .history or .sh_history

You can also setup system accounting using sac.

What OS are you using and what shell is your user using?

If they do not need much access you can give them a menu system of the commands they need or else setup a restricted shell for them.

Regards, Nisus
http://www.omnimodo.com
0
 
LVL 3

Expert Comment

by:interiot
ID: 6233335
ttysnoop is a program that allows you (once you configure things correctly) to view a user's text terminal, just as if you were looking at their screen.

lsof (or other variants depending on the OS) is a program that allows you to view the files that are currently open, and you can specify certain users to look at.  It might take a little detective work, but you can still figure out what the user is doing.
0
 
LVL 3

Expert Comment

by:mrn060900
ID: 6237028
You could also use script ( see script man page) It just copies everything they see/type to a log file, but be warned the logs can get huge.

Regards Mike
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 6241193
most UNIX have the last and lastcomm command
lastcomm requires accounting being configured
0
 
LVL 3

Accepted Solution

by:
interiot earned 50 total points
ID: 6241236
script and .history run in the user's account, so users with evil intent can turn them off before doing anything incriminating.

lastcomm only logs which programs are run, not what is typed.

ttysnoop can't be stopped by the user, and it allows the system administrator to watch (and type things into) the user's terminal in real time, and allows logging.

   http://www.linuxhelp.net/guides/djg/ttysnoop.phtml
   http://www.apart.net/ttysnoop/index-0.7.html
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6248038
within the "top" command you can specify a specific user.

of try the "w" command.
0
 
LVL 1

Expert Comment

by:haeger
ID: 6517098
Hi.
Here's a small program that I found useful from time to time.
http://filewatcher.org/sec/ttysnoop/int_1week.html
Lots of debian there but I know for a fact that it works on other platforms as well.
Watch the user in realtime or just redirect stdin to a file of your choice.

0
 
LVL 1

Expert Comment

by:haeger
ID: 6517100
Hi.
Here's a small program that I found useful from time to time.
http://filewatcher.org/sec/ttysnoop/int_1week.html
Lots of debian there but I know for a fact that it works on other platforms as well.
Watch the user in realtime or just redirect stdin to a file of your choice.

0
 
LVL 21

Expert Comment

by:tfewster
ID: 7705206
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation for this question in the Cleanup topic area as follows:
- Answered by interiot

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 

Expert Comment

by:modulo
ID: 7757496
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question